You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Would you suggest not connecting to the vps then or can I ignore the warning?

You should never ignore this type of error! Instead, try to find the cause of the problem and find a suitable solution, because this could be an attempt to snoop on your communications. Try these steps out, read the accompanying link and see if this helps you sort it out.

1) Are you trying to connect to the VPS by IP address?

It is common for this error to be thrown up if you are trying to connect using the IP address instead of by name, because the IP address isn't actually on the certificate. Try connecting by name and see if this does not correct the issue.

2) This type of error could be the sign of someone trying to snoop on your connection.

This error is common when someone is trying to get you to accept a malicious certificate so they can sniff your encrypted connection. If this is a malicious certificate and you accept it, then the attacker will be able to intercept all contents of this connection in plain-text. This would include, but not be limited to: key exchanges, passwords, take control of the current session, etc.

3) What would be the impact of accepting a malicious certificate?

Well, it largely depends on how often you reuse passwords, if you're exchanging files back and forth to the server, etc. Since all of your VPS communications would then be compromised, it would be trivial for an attacker to place malicious files on the VPS for you to download, serve you with malicious files during transmission, use the VPS to attack your home network - since you most likely allow it through your firewall, etc.

When you see this as part of a message, VPN or simply connected via a router, take it seriously. Don't proceed.

There has been times when I would get numerous such errors within a few minutes, usually a reboot the router will clear this up. Or reboot the router & modem. I do this weekly as network maintenance, keeps the connection fast. Plus if there's any junk on either, this will remove it.

Cat

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues.

Warnings are provided for a reason and should not be dismissed or ignored. You need to investigate further.

As the link I provided to the Microsoft article indicates....

The identity of the remote computer cannot be verified.Do you want to connect anyway?

The remote computer could not be authenticated due to problems with its security certificate. It may be unsafe to proceed

Name mismatch
Requested remote computer is <computer name 1>
Name in the certificate is <computer name 2>

Certificate errors
The server name on the certificate is incorrect
the certificate is not from a trusted certiying authority.

Do you want to connect despite these certificate errors?

I didn't realize that we posted the same advice. Your link was named differently and I don't normally click on links. After coming back to this thread, I realize you had basically said the same thing first. I am sorry about that, haha.

I didn't realize that we posted the same advice. Your link was named differently and I don't normally click on links. After coming back to this thread, I realize you had basically said the same thing first. I am sorry about that, haha.

Not a problem...it happens to all of us from time to time. BTW, you should be able to view the link url by hovering your mouse over it without having to click on the actual link.

It's very common on a VPS to use a self-signed cert and you will receive those errors. If that's the case it should be safe to accept. Check with your VPS provider if you are unsure.

"Should" leaves room for error, potentially a dangerous one. In this case, could be adding an untrusted security certificate.

Though I agree to check with the provider.

These warnings aren't shown for the sake of it. It's really imperative to think before one clicks. Because Malware prevention is much less work than cleanup. When I see such an error, VPN or not, will close the page w/out proceeding. Too risky of a chance to take,

Cat

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues.

Are we talking VPN or VPS? I don't know any VPS provider that uses anything but self-signed certificates by default. After you are provided your login credentials you can purchase an SSL certificate for your hostname and install it.

Are we talking VPN or VPS? I don't know any VPS provider that uses anything but self-signed certificates by default. After you are provided your login credentials you can purchase an SSL certificate for your hostname and install it.

Actually my post was speaking of either, no matter the network connection.

If I see something fishy, or a warning staring me in the face, will close the page. I don't have my own site, so am unfamiliar about purchasing SSL certificates. However I have enabled the option "Check for server certificate revocation" in the HTTPS/SSL setting of the browser.

Cat

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues.

Self signed certificates are fairly common actually but that doesn't automatically mean you should ignore the error. I wouldn't say you are 'unsafe' to browse because you're receiving this error but definitely as other have said, you should investigate as soon as possible as there is the potential for this to be something serious.

Check with your provider to see whether this behaviour is normal, and until you receive confirmation from them, don't engage in any sensitive activities. Change your passwords regularly, don't do any online banking and if you have banked online since receiving this error, call the bank and check your balance and account status just to be sure.

In general, accepting a self signed certificate is always risky. If I need to accept one to visit a site (that I know is safe), I will remove the certificate afterwards (though this practise is certainly not advisable, if you're in any doubt of the risks).

The few times that I seen certificate errors pop up, it's always either for Google during Web searches or when about to sign onto Outlook/Hotmail.com. To the best of my recollection, this takes place when running a Windows OS. Not saying it hasn't happened on Linux Mint, but don't recall it.

When it does happen, I simply switch to the Bing search engine & wait it out on Outlook.com.

Cat

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues.